I Can't Duplicate or Save My Newsletters
This article refers to MailPoet 2
If you're looking for MailPoet 3 articles, please go to MailPoet 3 Knowledge Base
Some users are experiencing this problem: they are unable to duplicate or save modifications to a newsletter. "404 Not Found" errors on subscription forms or when duplicating a newsletter are also related to this issue.
This is due to some hosts loading a ruleset (usually is the Comodo ruleset) on their Apache Mod_Security module that prevents MailPoet from accessing the admin-ajax.php file, and the reason is related to this CVE: CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. Publish Date : 2014-08-26 Last Update Date : 2014-08-27
That prevents website visitors from subscribing to your website and administrators from duplicating and/or saving their newsletters, among other issues as well.A temporary solution for our users running the latest version of MailPoet is to turn off Mod_Security on their websites by including this piece of code to the beginning of their .htaccess file:
<IfModule mod_security.c> SecRuleEngine Off SecFilterInheritance Off SecFilterEngine Off SecFilterScanPOST Off </IfModule>
More information about disabling specific mod_security rules can be found here: http://resources.infosecinstitute.com/avoiding-mod-security-false-positives-white-listing/
In some cPanels, it's possible to manually disable Mod_Security for specific domains:
In case none of this works, get in touch with your host support and ask them to update their Mod_Security rules, since that CVE is already marked as fixed. This will then whitelist MailPoet.